Strengthening Security and Transparency with T-Mobile’s New Trust Center

By Jeff Simon, SVP & Chief Security Officer of T-Mobile
June 26, 2024

We at T-Mobile know that to achieve our mission to be the best in the world at connecting customers to their world, we must fulfill the promise we have made to protect the information they entrust us with. I joined the Un-carrier about a year ago to help continue delivering on that promise, stepping in to lead T-Mobile’s cybersecurity organization and oversee the protection of customer data and the full lifecycle of security functions, from policy and architecture to monitoring and response.

Since my first day, my team and I have been fully committed to evolving the cybersecurity transformation work that was already well underway when I joined Team Magenta. We’ve continued to make steady steps forward in an ever-evolving space. We have also challenged ourselves to pursue reviews and accreditations that validate our progress, transparently share results and provide an unbiased window into our cybersecurity posture, alignment and best practices.

To do that, we recently launched our Trust Center, a hub with information about our cybersecurity certifications, reports, audits, scores and more. Here are some of the most important ratings and reviews that you’ll find there:

International Organization for Standardization (ISO) 27001
We recently achieved International Organization for Standardization (ISO) 27001 certification, one of the most well-known cybersecurity certifications in the world. It involves an in-depth audit of our cybersecurity program to make sure we have a comprehensive process in place to continuously improve it. Specifically, ISO 27001 looks at our information security management system (ISMS) — a systematic approach to managing and protecting our information, assets, technologies, policies, people and other security controls. With ISO 27001 in hand, our customers and employees can feel more confident that we’ve taken significant steps to better protect them.

System and Organization Controls (SOC) 2 Type 2 Report
We also secured a favorable System and Organization Controls (SOC) 2 Type 2 report, along with SOC 2 Type 1 and Type 3. SOC 2 Type 2, the most thorough of these, is another industry-standard evaluation that focuses on the ways we protect data. This report involves independent analysis of the security, availability, processing integrity, confidentiality and privacy of key systems and data over a period of 3 months to ensure we meet the highest standards set by the American Institute of Certified Public Accountants (AICPA). Meeting these stringent requirements means that we’re better safeguarding sensitive data and information.

Other Ratings
We’ve also tapped cybersecurity rating companies like ImmuniWeb and Bitsight to help us benchmark our progress and identify opportunities for improvement. In an era where cyber threats are increasingly sophisticated, maintaining strong cybersecurity grades helps us ensure we’re evolving, too. As of today, we’ve secured an A rating from ImmuniWeb and a 780/900 score from Bitsight. While there’s room for improvement, these scores underpin the success of our hard work over the past few years.

Staying a Step Ahead
The Trust Center and the assessments shared there are just some of the initiatives we’ve undertaken, which also include revamping our Bug Bounty program, accelerating our hybrid zero trust implementation and further enhancing identity and authentication processes at every level across T-Mobile.

While we are proud of our continued forward momentum and the steps we’ve continued to take to safeguard data, we recognize that our journey is ongoing. As cyber threats continue to evolve, so will we. We won’t stop being all in to ensure a safer, more secure digital future for everyone.

To read more about online safety, cybersecurity and tools that we have for customers, head to our Privacy Center.

- Jeff